[Cryptography] OpenPGP and trust

Bill Frantz frantz at pwpconsult.com
Sat Mar 29 21:11:51 EDT 2014

On 3/29/14 at 6:43 PM, stuartl at longlandclan.yi.org (Stuart 
Longland) wrote:

>Presently, there are a few means of authentication.  One is 
>call-sign databases ran by QRZ.com and other sites.  Some of 
>these cost money (after all, they cost money to run) to query.  
>Unfortunately at best they can tell you that the callsign AB2CD 
>is a valid call-sign and is owned by "Joe Public" living in 
>some part of the US.

The amateur radio community is a very interesting example for 
people interested in networked security. In amateur radio, 
everyone has unique true name. Mine is AE6JV. These names are 
government assigned and more interestingly, unique, global, and 
memorable (all 3 sides of Zooko's triangle). (Authenticating 
that someone the "real" AE6JV is a separate, unsolved, problem.)

By looking at interpersonal interactions in the amateur radio 
community, one can gain insight how humans react to such an 
identity situation.

Note that for US hams, the QRZ database is directly downloaded 
from the FCC. In that database, I am William, not Bill. When 
someone greets me as William, I know they got the name from the 
database, and not directly from me.

Cheers - Bill

Bill Frantz        |"Web security is like medicine - trying to 
do good for
408-356-8506       |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |

More information about the cryptography mailing list